Understanding the network.pdf - Back to Home

More documents

Recommendations

Info

http://www.pdc.kth.se/kth-krb/ http://www.cybersafe.com/ Using Old-Mode Authentication By default, the IOS uses AAA old-mode authentication. Under AAA old-mode, each dedicated and virtual line interface that requires authentication must be configured using the login command. Here is an example: local-AS#config t Enter configuration commands, one per line. End with CNTL/Z. local-AS(config)#line vty 0 4 local-AS(config-line)#login ? local Local password checking tacacs Use tacacs server for password checking local-AS(config-line)#login local local-AS(config-line)#exit local-AS(config)^Z local-AS# In the example above, you set up old-mode authentication on the VT ports on the router. You now need to create user accounts for each user who requires VT access to the router. This is the same process you used to create user accounts for the WidgetCo dial-in solution: local-AS#config t Enter configuration commands, one per line. End with CNTL/Z. local-AS(config)#username admin password apassword local-AS(config)#^Z local-AS# After the username is created, you can log in to the router using old-mode authentication:
$telnet 192.160.56.5 Trying 192.160.56.5… Connected to 192.160.56.5. Escape character is '^]'. User Access Verification Username: admin Password: local-AS> If you want to use a TACACS server, set up the interface and specify the address of the TACACS server: local-AS#config t Enter configuration commands, one per line. End with CNTL/Z. local-AS(config)#line AUX 0 local-AS(config-line)#login tacacs local-AS(config-line)#exit local-AS(config)#tacacs-server host 192.160.56.1 local-AS(config)#^Z local-AS# NOTE All user accounts and line passwords are in cleartext form unless password encryption is enabled (by using the global configuration command ). Also, there is no facility in the IOS for users to change their passwords, which substantially limits the security value of local user accounting. Using AAA New-Mode New-mode is enabled (along with authentication, accounting and authorization; hence, the name AAA) with the global configuration command :
Page 2 and 3:
Understanding the Network A Practic
Page 4 and 5:
IOS Authentication and Accounting S
Page 6 and 7:
About the Reviewers These reviewers
Page 8 and 9:
Tell Us What You Think As the reade
Page 10 and 11:
mostly dealt with interconnecting m
Page 12 and 13:
• A short introduction to SNMP Ap
Page 14 and 15:
In theory, a computer network can o
Page 16 and 17:
Coaxial cable has a single solid co
Page 18 and 19:
• Radio transmission—It is achi
Page 20 and 21:
• Baseband transmission applies t
Page 22 and 23:
Ring Topology Figure 1.3. The bus t
Page 24 and 25:
Packets and frames are often used a
Page 26 and 27:
Asynchronous transmission involves
Page 28 and 29:
Figure 1.6. Collision handling unde
Page 30 and 31:
In a ring topology, a token is pass
Page 32 and 33:
Repeaters The repeater was introduc
Page 34 and 35:
the network. If your 50-node networ
Page 36 and 37:
Figure 1.12. A collection of nodes
Page 38 and 39:
their destination, type, and conten
Page 40 and 41:
shop, you are using Novell's Direct
Page 42 and 43:
Figure 1.14. The OSI and Internet r
Page 44 and 45:
Layer 7: Application This layer pro
Page 46 and 47:
end-to-end, sequenced data delivery
Page 48 and 49:
outer, the delivery path might be d
Page 50 and 51:
and network transport is a very imp
Page 52 and 53:
Figure 1.16. The "bottom up" commun
Page 54 and 55:
Chapter 2. The Networker's Guide to
Page 56 and 57:
Internet Society, a nonprofit organ
Page 58 and 59:
• First, it performs translations
Page 60 and 61:
Figure 2.2. The IP header. • Vers
Page 62 and 63:
To assist in the reassembly process
Page 64 and 65:
Figure 2.3. IP address classes comp
Page 66 and 67:
taking the natural mask of the addr
Page 68 and 69:
Classful Subnetting Examples The im
Page 70 and 71:
21 2,000 8,000 255.255.248.0 22 1,0
Page 72 and 73:
classful-based address space model.
Page 74 and 75:
Table 2.6. Classless Network Addres
Page 76 and 77:
NOTE Because CIDR is used for addre
Page 78 and 79:
will connect in the future, it is b
Page 80 and 81:
Routers are also called intermediat
Page 82 and 83:
IP datagrams for which the local ho
Page 84 and 85:
1. The Layer 3 to Layer 2 address m
Page 86 and 87:
3. Router B—Router B receives the
Page 88 and 89:
connected networks. Figure 2.11 ill
Page 90 and 91:
Figure 2.12. A simple regional (ISP
Page 92 and 93:
gw1, gw2, gw4 3 gw1, gw3, gw4 3 gw1
Page 94 and 95:
Dynamic routing might not be requir
Page 96 and 97:
The transport layer as a whole repr
Page 98 and 99:
window to reflect changes in the pa
Page 100 and 101:
The TCP Header The TCP header provi
Page 102 and 103:
53 DNS (Domain Name Service) 67 BOO
Page 104 and 105:
SNMP Simple Network Management Prot
Page 106 and 107:
uses both TCP and UDP for service d
Page 108 and 109:
RFC 974 Mail routing and the domain
Page 110 and 111:
Figure 3.1. Physical versus logical
Page 112 and 113:
Figure 3.2. The AppleTalk protocol
Page 114 and 115:
AppleTalk Address Resolution Protoc
Page 116 and 117:
of 400 microseconds, in addition to
Page 118 and 119:
Along with the SAP, there is a 5-by
Page 120 and 121:
delivery is a best-effort delivery
Page 122 and 123:
• DDP checksum (long header only)
Page 124 and 125:
eachable within the internetwork. T
Page 126 and 127:
information from the router's other
Page 129 and 130:
AppleTalk Update Based Routing Prot
Page 131 and 132:
• type is the service classificat
Page 133 and 134:
application layers. AppleTalk has n
Page 135 and 136:
Figure 3.10. ZIP message formats. E
Page 137 and 138:
Printer Access Protocol Printer Acc
Page 139 and 140:
Figure 3.11. Novell (IPX) protocol
Page 141 and 142:
The other nodes on the network that
Page 143 and 144:
Figure 3.13. IPX datagram format.
Page 145 and 146:
the cumulative information gleaned
Page 147 and 148:
• Hop Count is the number of rout
Page 149 and 150:
Upper Layer Protocols IPX is used t
Page 151 and 152:
Msg.Add.Name Adds a unique name to
Page 153 and 154:
Related RFCs RFC 1001 RFC 1002 RFC
Page 155 and 156:
service enhancement or replacement
Page 157 and 158:
Figure 4.1. The LLC interfaces in r
Page 159 and 160:
it does not provide for error recov
Page 161 and 162:
and smooth pattern flow enables MTL
Page 163 and 164:
cabling, backbone length 800m Categ
Page 165 and 166:
combination of light refraction and
Page 167 and 168:
NOTE Cladding is the glass "shell"
Page 169 and 170:
Ethernet The original Ethernet prot
Page 171 and 172:
UTP telephone cabling infrastructur
Page 173 and 174:
Since the introduction of the IEEE
Page 175 and 176:
In the event that two Ethernet end-
Page 177 and 178:
The 802.3 frame type used in Figure
Page 179 and 180:
• Frame check sequence (4 bytes)
Page 181 and 182:
• Physical layer signaling (PLS)
Page 183 and 184:
cable segment length (for coaxial s
Page 185 and 186:
transmission medium using BNC (Brit
Page 187 and 188:
Figure 4.12. A basic 3-cable 10Base
Page 189 and 190:
Figure 4.14. 10Base-T hub-to-hub in
Page 191 and 192:
Figure 4.16. 10Base-T in a consulta
Page 193 and 194:
• Support for full-duplex operati
Page 195 and 196:
mechanisms, in terms of encoding an
Page 197 and 198:
etween different PHY encoding imple
Page 199 and 200:
100Base Ethernet) is based on the p
Page 201 and 202:
The Gigabit PHY The Gigabit PHY con
Page 203 and 204:
CSMA/CD is sensitive to operating r
Page 205 and 206:
The main advantage of using FDR ove
Page 207 and 208:
have to transmit against the priori
Page 209 and 210:
• Ring timing maintenance—The A
Page 211 and 212:
check the lobe cable. If the lobe t
Page 213 and 214:
Token Ring addresses are expressed
Page 215 and 216:
• Report Active Monitor Error (RA
Page 217 and 218:
they first join the ring or in the
Page 219 and 220:
Figure 4.22. The IBM type 1 MIC con
Page 221 and 222:
FDDI Work on the Fiber Distributed
Page 223 and 224:
However, all this comes at a cost,
Page 225 and 226:
Figure 4.25. FDDI MAC data frame an
Page 227 and 228:
topologies needed for the transmiss
Page 229 and 230:
Chapter 5. WAN Internetworking Tech
Page 231 and 232:
Placing a Call The functional model
Page 233 and 234:
LATAs to provide local exchange ser
Page 235 and 236:
The PSTN was originally designed fo
Page 237 and 238:
sampling rate is 8,000 times per se
Page 239 and 240:
Figure 5.1. A multiplexer from a lo
Page 241 and 242:
Table 5.1. The American (DS) and In
Page 243 and 244:
The M24/D4 frame standard is the ba
Page 245 and 246:
contains consecutive ones and zeros
Page 247 and 248:
• Line loopback/line build-out (L
Page 249 and 250:
process. The T3 multiplexer adds st
Page 251 and 252:
committee. The committee provided t
Page 253 and 254:
The photonic layer defines the elec
Page 255 and 256:
such as T1/E1, FDDI, and others. Th
Page 257 and 258:
SS7 signaling components are connec
Page 259 and 260:
SCCP operates as an OSI-RM Layer 3.
Page 261 and 262:
WAN point-to-point links. It can be
Page 263 and 264:
Figure 5.11. The ISDN protocol refe
Page 265 and 266:
• The R interface acts as a point
Page 267 and 268:
• Flag—This is an 8-bit (011111
Page 269 and 270:
terminals attached to the ISDN swit
Page 271 and 272:
X.25 networks are comprised of four
Page 273 and 274:
Frame Relay, like the ISDN effort i
Page 275 and 276:
• Flag—This functions as a fram
Page 277 and 278:
Figure 5.17. the B-ISDN reference m
Page 279 and 280:
environments is implemented using A
Page 281 and 282:
endpoints. A Virtual Path Link (VPL
Page 283 and 284:
ATM endpoints. The user adaptation
Page 285 and 286:
1. The ATM end-device issues a setu
Page 287 and 288:
Data-Link Framing Point-to-point de
Page 289 and 290:
PPP PPP can provide multiprotocol d
Page 291 and 292:
PPP Framing There are three HDLC fr
Page 293 and 294:
• The HDLC and PPP data-link prot
Page 295 and 296:
Chapter 6. Network Switches In this
Page 297 and 298:
Figure 6.1. Partial and full mesh m
Page 299 and 300:
protocol. Figure 6.3 illustrates th
Page 301 and 302:
All hosts can see the traffic that
Page 303 and 304:
To get a better understanding of th
Page 305 and 306:
Figure 6.5. A bridged LAN with span
Page 307 and 308:
support a path discovery method. So
Page 309 and 310:
or performance limitations, network
Page 311 and 312:
network data encryption, WAN reacha
Page 313 and 314:
The Impact of Switching on Traditio
Page 315 and 316:
• Switch backplane—Also referre
Page 317 and 318:
Switch Port Flow Control In full-du
Page 319 and 320:
In the event that the primary trunk
Page 321 and 322:
Figure 6.9. Layer 2 collision domai
Page 323 and 324:
Figure 6.10. Multiport repeaters an
Page 325 and 326:
Figure 6.11. Distributed and collap
Page 327 and 328:
utilization performance. To calcula
Page 329 and 330:
Ideally, the goal of all switch and
Page 331 and 332:
Cut-through uses the same technolog
Page 333 and 334:
VLANs A switch that supports VLAN p
Page 335 and 336:
MAC Address-Based VLANs Another com
Page 337 and 338:
Figure 6.13. Switches running indep
Page 339 and 340:
The configuration layer uses the Ge
Page 341 and 342:
Layer 2 infrastructures to operate
Page 343 and 344:
need. This method not only allocate
Page 345 and 346:
transmitting and receiving. Without
Page 347 and 348:
ATM-specific applications would be
Page 349 and 350:
ATM private-class switches are comp
Page 351 and 352:
Because both the VPI and VCI are us
Page 353 and 354:
environment. The goal is to have La
Page 355 and 356:
Broadcast and Unknown Server The Br
Page 357 and 358:
Figure 6.15. An LEC and its VCC rel
Page 359 and 360:
ATM hosts are accomplished by estab
Page 361 and 362:
• VLANs • Full-duplex switch po
Page 363 and 364:
Chapter 7. Introduction to Cisco Ro
Page 365 and 366:
The 4000 series routers come in a t
Page 367 and 368:
series routers, this partition can
Page 369 and 370:
need to crimp the CAT 5 strands fol
Page 371 and 372:
Use the cable set to build the cabl
Page 373 and 374:
Step 2. This command specifies whic
Page 375 and 376:
AppleTalk FDDI IPX Token Ring VINES
Page 377 and 378:
The IOS Command Line and Configurat
Page 379 and 380:
disconnect Disconnect an existing n
Page 381 and 382:
changes (user to privileged, for ex
Page 383 and 384:
• Router(config)#hostname test-ro
Page 385 and 386:
or • On 7x00 only, use: • •
Page 387 and 388:
Null Null interface Tunnel Tunnel i
Page 389 and 390:
Router(config)#ip rou? route routin
Page 391 and 392:
Ctrl+P, up arrow Previous command i
Page 393 and 394:
mop Copy from a MOP server (not ava
Page 395 and 396:
Now let's see what is on the PCMCIA
Page 397 and 398:
When copying any file, unless no pr
Page 399 and 400:
Ethernet LANs with a dedicated T1 c
Page 401 and 402: Compiled Fri 03-Apr-98 07:00 by rna
Page 403 and 404: 172.16.2.0 /25 172.16.2.128 /26 or
Page 405 and 406: Ridge-GW(config)# ip route 0.0.0.0
Page 407 and 408: In addition to their native protoco
Page 409 and 410: D - EIGRP, EX - EIGRP external, O -
Page 411 and 412: Configuring Dumb Terminal Service T
Page 413 and 414: Ctrl+Shift+6+X suspends a session).
Page 415 and 416: cornpops|Printer on Cisco termserve
Page 417 and 418: Concord-GW(config-if)#flowcontrol h
Page 419 and 420: The AUX port configuration for Ridg
Page 421 and 422: outer and enter the break sequence
Page 423 and 424: Setting the conf-reg Value in ROM M
Page 425 and 426: • Register setting 0x2010—Confi
Page 427 and 428: 8. 9. Router#configure terminal 10.
Page 429 and 430: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Page 431 and 432: Router#config t Enter configuration
Page 433 and 434: -#- ED --type----crc--- -seek--nlen
Page 435 and 436: to xmodem or TFTP (2600 only) an IO
Page 437 and 438: Mountain Standard Time (MST) -7 Pac
Page 439 and 440: eference time is BB0FC7AA.95E93186
Page 441 and 442: in production for a little while. T
Page 443 and 444: use debug mode often. When using th
Page 445 and 446: uucp UNIX-to-UNIX copy system IOS a
Page 447 and 448: Log Management Logs are useless unl
Page 449 and 450: IOS Authentication and Accounting I
Page 451: hostnames (which can be corrected w
Page 455 and 456: In this example, the authentication
Page 457 and 458: makes it easier to configure, becau
Page 459 and 460: define what authentication type sho
Page 461 and 462: Caution should be taken when using
Page 463 and 464: pairs (similar to those used to cre
Page 465 and 466: • Using rommon and disaster recov
Page 467 and 468: In the following section, we review
Page 469 and 470: Deciding to Use a Routing Protocol
Page 471 and 472: Now, here is the qualifier: Not eve
Page 473 and 474: If RIP was the routing protocol for
Page 475 and 476: Distance Vector Protocols All routi
Page 477 and 478: space) based on a power of 2. Class
Page 479 and 480: address space), but you would run i
Page 481 and 482: destination address that falls with
Page 483 and 484: the different IP address spaces int
Page 485 and 486: Weaknesses of Static Routing Static
Page 487 and 488: Today, RIP is considered by some to
Page 489 and 490: RIP 192.124.32.0 /24 192.124.35.1 3
Page 491 and 492: All routers on the network keep tra
Page 493 and 494: RIP's Value Today RIP is old, it's
Page 495 and 496: • Better reliability—OSPF route
Page 497 and 498: Figure 8.10. Single- and multi-area
Page 499 and 500: • Internal routers—These router
Page 501 and 502: to the backbone. In Figure 8.13, al
Page 503 and 504:
Figure 8.14. OSPF router designatio
Page 505 and 506:
oundary routers. They describe netw
Page 507 and 508:
outer's point of view. The path con
Page 509 and 510:
Autonomous Systems and Exterior Rou
Page 511 and 512:
Figure 8.16. The IGP to ERP handoff
Page 513:
Figure 8.17. The BGP finite state m
Page 516 and 517:
EGPs have been increasing in popula
Page 518 and 519:
Chapter 9. Advanced Cisco Router Co
Page 520 and 521:
specified ACL number range. Table 9
Page 522 and 523:
default, all traffic is denied. Onl
Page 524 and 525:
asbr-a2#config t Enter configuratio
Page 526 and 527:
trying to build ACLs with the comma
Page 528 and 529:
trace Multicast trace IGMP log Log
Page 530 and 531:
Tftp Trivial File Transfer Protocol
Page 532 and 533:
access-list 100 permit tcp any 172.
Page 534 and 535:
Table 9.5. AppleTalk ACL Filtering
Page 536 and 537:
Figure 9.1. The AnyCo corporate App
Page 538 and 539:
One word of caution: If you plan to
Page 540 and 541:
You can also log hits on ports by a
Page 542 and 543:
Table 9.8. Route-Map Operators for
Page 544 and 545:
exists, a group identifier (which c
Page 546 and 547:
hegel# With this configuration, bec
Page 548 and 549:
NAT is commonly used in a fashion s
Page 550 and 551:
The [prefix-length] or [netmask] se
Page 552 and 553:
NAT's Shortcomings Although NAT is
Page 554 and 555:
NOTE Administrators beware: Tunneli
Page 556 and 557:
connects, the active key informatio
Page 558 and 559:
encapsulation, framing, and line si
Page 560 and 561:
asbr-a2(config-if)#ip address 172.1
Page 562 and 563:
problem if you are provisioning ISD
Page 564 and 565:
22:41:34: %LINK-3-UPDOWN: Interface
Page 566 and 567:
POP mail request is made. Now let's
Page 568 and 569:
leibniz(config-if)#backup interface
Page 570 and 571:
When the primary link fails, the BR
Page 572 and 573:
1.544Mbps. The actual transport lin
Page 574 and 575:
the cost-effective and bandwidth-ef
Page 576 and 577:
interface configuration subcommand
Page 578 and 579:
it is possible to exchange packets
Page 580 and 581:
interface serial0.2 point-to-point
Page 582 and 583:
Figure 9.6. A multipoint FR example
Page 584 and 585:
2. ATM encapsulation must be enable
Page 586 and 587:
are commonly used in large-scale cl
Page 588 and 589:
persephone(config)#interface atm 3/
Page 590 and 591:
• The creation and application of
Page 592 and 593:
Chapter 10. Configuring IP Routing
Page 594 and 595:
After you have a list of requiremen
Page 596 and 597:
Control commands: Displaying
Page 598 and 599:
not active, it is quite common for
Page 600 and 601:
Incoming update filter list for all
Page 602 and 603:
When changing any IP routing behavi
Page 604 and 605:
asbr-a1(config-if)#^Z asbr-a1# When
Page 606 and 607:
For asbr-a2 to reach all the testne
Page 608 and 609:
192.168.160.0/30 is subnetted, 1 su
Page 610 and 611:
order to maintain computability wit
Page 612 and 613:
Configuring Dynamic IGP and EGP IP
Page 614 and 615:
passive-interface s1 By enabling th
Page 616 and 617:
asbr-a1(config-router)#network 12.0
Page 618 and 619:
To verify that the adjusted route m
Page 620 and 621:
The command is a general routing p
Page 622 and 623:
EIGRP, as I'm sure you have guessed
Page 624 and 625:
No matter how the announcement entr
Page 626 and 627:
Incoming update filter list for all
Page 628 and 629:
is adjustable using the router con
Page 630 and 631:
• IOS also supports various debu
Page 632 and 633:
outers: • Backbone Routers—Thes
Page 634 and 635:
process. The router would construct
Page 636 and 637:
e1/1 192.168.9.0 fe0/0 192.168.0.0
Page 638 and 639:
An alternative to this is to use th
Page 640 and 641:
C 192.168.191.0/24 is directly conn
Page 642 and 643:
Link State Age Interval is 00:20:00
Page 644 and 645:
C 192.168.191.0/24 is directly conn
Page 646 and 647:
to asbr-a1 was a remote office that
Page 648 and 649:
interface Serial1 ip address 192.16
Page 650 and 651:
which to exchange OSPF messages. Th
Page 652 and 653:
OSPF Monitoring Commands Throughout
Page 654 and 655:
• • • NOTE • will display
Page 656 and 657:
Figure 10.4. AURP tunnel interfaces
Page 658 and 659:
appletalk glean-packets hostname as
Page 660 and 661:
For many users, the usefulness of B
Page 662 and 663:
internal/Internet access router whe
Page 664 and 665:
externally destined traffic arrives
Page 666 and 667:
Routers asbr-a1/a2 and asbr-b1/b2 a
Page 668 and 669:
BGP Reflectors An alternative to ha
Page 670 and 671:
network 192.168.0.0 mask 255.255.25
Page 672 and 673:
dynamic routing protocols are used
Page 674 and 675:
Figure 10.8. An example network run
Page 676 and 677:
Controlling Redistribution In some
Page 678 and 679:
hostname ABR-a57 ! access-list 1 pe
Page 680 and 681:
access-list 2 deny 10.0.1.0 access-
Page 682 and 683:
Keep in mind that route-maps, li
Page 684 and 685:
Chapter 11. Network Troubleshooting
Page 686 and 687:
However, the most valuable tool of
Page 688 and 689:
• Description of primary function
Page 690 and 691:
of cable fault, different CSFSs are
Page 692 and 693:
For Windows Systems, check out the
Page 694 and 695:
command. On a Windows NT system, us
Page 696 and 697:
#Do not change these variables logf
Page 698 and 699:
# If any of the hosts fail to respo
Page 700 and 701:
upgrade. So, when the time comes to
Page 702 and 703:
throughput over time, instead of si
Page 704 and 705:
protocol is the most prone to perfo
Page 706 and 707:
NOTE When looking at network broadc
Page 708 and 709:
NOTE Another common network error n
Page 710 and 711:
and the physical ring segment that
Page 712 and 713:
tolerances the frames, timing shift
Page 714 and 715:
practical terms, this means that at
Page 716 and 717:
etransmissions, however, usually ha
Page 718 and 719:
4. Don't get lost in the big pictur
Page 720 and 721:
• Link and services monitoring, n
Page 722 and 723:
eports on network utilization, avai
Page 724 and 725:
o Bandwidth utilization rates o Rat
Page 726 and 727:
and improved management capabilitie
Page 728 and 729:
After the supported SNMP version is
Page 730 and 731:
Table 11.3. ASN.1 Keywords Used wit
Page 732 and 733:
application-wide tags, which are us
Page 734 and 735:
TestSequence ::= SEQUENCE { example
Page 736 and 737:
The MIB-2 and RMON-MIB modules are
Page 738 and 739:
iso.identfied-orgnaization.dod.inte
Page 740 and 741:
accepted values are getRequest, get
Page 742 and 743:
Spectrum is available in both UNIX
Page 744 and 745:
Figure 11.8. Windows NT 4.0 SNMP Ag
Page 746 and 747:
To access any of the NT SNMP agent
Page 748 and 749:
The installation of the SNMP agent
Page 750 and 751:
Figure 11.13. The Windows 95/98 Sel
Page 752 and 753:
Figure 11.15. Locating the Windows
Page 754 and 755:
Figure 11.17. The SNMP configuratio
Page 756 and 757:
2. Scroll to Network Connectivity o
Page 758 and 759:
sysLocation information, go to the
Page 760 and 761:
example that just implements the ba
Page 762 and 763:
protocol, service, and application
Page 764 and 765:
RFC 1089 RFC 1147 RFC 1155 RFC 1157
Page 766:
Appendix A. Binary Conversion Table
show all

Understanding the network.pdf - Back to Home

Create successful ePaper yourself

Delete template?

Save as template?